<?php

include('pagina.php');
include('database.php');
include('auth.php');
include('core.php');

// Verifica se tem permissao
validaPermissao(3);

// Verifica se houve envio do formulario.
if ($_POST['submit'] == 'Submit')
{
	query_bd("UPDATE supplies SET" .
	" name='{$_POST['name']}'" .
	", description='{$_POST['description']}'" .
	", category={$_POST['category']}" .
	",  value={$_POST['value']}" .
	($_POST['obs']?	", obs='" . mysql_real_escape_string($_POST['obs']) . "'" : "") .
	" WHERE id={$_POST['id']}");

	header( "Location: supply.php?id={$_POST['id']}&msg=Supply item was modified successfuly." );
	die();
}

// Verifica se ha supply para ver
if (!$_GET['id'])
{
	forbidden();
}

// Busca todos os dados do supply
$supply = query_fetch("SELECT * FROM supplies WHERE id={$_GET['id']} LIMIT 1");

// Se nao existe, cai fora
if (!$supply)
{
	forbidden();
}

// Inicia cabecalho da pagina
pagina_inicio('ParkSys - Edit supply item');
adicionar_js('input-format.js');
pagina_head();

// Mostra opcao de cancelar edicao
echo "<ul id=opcoes>";
echo "<li class='negative'><a href='supply.php?id={$supply['id']}'><img src='img/cancel.png' alt=''>Cancel Edit</a></li>";
echo "</ul><br>";

echo "<form id=supply_edit class=big_form method=POST action='supply_edit.php'>";
echo "<input type=HIDDEN name=id value={$supply['id']} />";
echo "<h1>Edit Supply Item</h1><br>";
echo "<label for=name>Item name:</label> <input type=TEXT id=name name=name value='{$supply['name']}' size=40 maxlength=50 /><br>";
echo "<label for=description>Description:</label> <input type=TEXT id=description name=description value='{$supply['description']}' size=40 maxlength=100 /><br>";
echo "<label for=category>Category:</label> <select id=category name=category>";

foreach ($SUPPLIES_CATEGORIES as $num => $name)
	echo "<option value={$num} " . ($supply['category']==$num? "selected=TRUE" : "") . ">{$name}</option>";

echo "</select>";
echo "<label for=value>Price:</label> \$<input type=TEXT id=value name=value value='{$supply['value']}' size=10 onChange='format_money(this)' /><br>";
echo "<hr><label for=obs>Observations:</label><br><textarea id=obs name=obs cols=40 rows=5 />";
echo $supply['obs'];
echo "</textarea>";
echo "<hr>";
echo "<input type=SUBMIT name=submit value='Submit' />";
echo "</form>";

// Finaliza pagina
pagina_fim();
?>
